The rapid development of computer technologies over the past decade, together with the widespread use of diverse computing devices (personal computers, notebooks, tablets, smartphones, and so on), has been a powerful stimulus for the use of these devices in every sphere of human activity and for a tremendous number of tasks, from Internet browsing to bank transfers and electronic document workflow. In parallel with the growth in the number of computing devices and of the software running on them, the volume of malicious software has also grown at a rapid pace.
At present, a huge number of varieties of malicious programs exist, belonging to various classes. Some of them steal personal and confidential data from users' devices (such as logins and passwords, bank details, and electronic documents). Others organize users' devices into so-called botnets in order to guess passwords by brute force or to launch denial of service attacks (distributed denial of service, DDoS) against other computers or computer networks. Still others foist paid content on users through aggressive advertising, paid subscriptions, the sending of text messages to premium-rate phone numbers, and so forth.
For example, one group of malicious programs performs remote administration of infected computers. After such a program is installed on the user's computer, it often obtains administrator rights, which may give it access to any confidential information of the user, allow it to perform any actions on the user's computer, and let it report the results of its work to the attacker over the computer network. For example, one variety of the above-described program replicates on the victim's computer the actions that the attacker performs on his own computer.
The difficulty of detecting the above-described programs may be due to the fact that they often: do not perform malicious actions in explicit form (for example, they do not destroy data, but instead organize DDoS attacks and so forth); carry out active operations episodically and irregularly; and present themselves as legitimate applications of the kind that administrators use to control client computers.
Thus, present-day antivirus programs may not recognize any malicious functionality in the actions of the above-described programs. Known antivirus programs also may not handle the tasks of detecting applications with previously unknown behavior that carry out remote administration, or groups of applications that realize remote administration only when taken together, each application having its own perfectly legitimate functionality. The above-described approaches may also produce false alarms by detecting malicious programs when the remote administration is being performed with the permission of the user.
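The following is an added illustration of the detection gap described above; it is not the method claimed by the present invention and not code from any antivirus product. It assumes a hypothetical behaviour taxonomy (input capture, screen capture, network send, input injection), a constructed event log in which processes 101, 102 and 103 each exhibit one of these behaviours and communicate with one another, and a caller-supplied set of processes whose remote sessions the user has authorized. A per-process check finds nothing, because no single process shows the full pattern; correlating behaviours across linked processes exposes the group, and the authorization set suppresses the false alarm for a user-permitted session.

```python
"""Correlating remote-administration behaviours across cooperating processes.

Added example with constructed data: each process on its own looks like a
legitimate utility; only the linked group exhibits the remote-control pattern.
"""
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical behaviour taxonomy for this example (not the patent's).
REMOTE_ADMIN_ROLES = {"input_capture", "screen_capture", "network_send", "input_inject"}
# Minimum number of distinct roles before an entity counts as remote administration.
MIN_ROLES = 3


@dataclass(frozen=True)
class Event:
    pid: int
    kind: str    # "behaviour" (value is a role) or "link" (value is a peer pid)
    value: str


# Constructed event log. 101 hooks the keyboard, 102 grabs the screen, 103 talks
# to the network; 101 and 102 each open a channel (e.g. a pipe) to 103.
# 200 (a browser) and 201 (a screenshot tool) act alone and are benign.
SAMPLE_EVENTS = [
    Event(101, "behaviour", "input_capture"),
    Event(102, "behaviour", "screen_capture"),
    Event(103, "behaviour", "network_send"),
    Event(101, "link", "103"),
    Event(102, "link", "103"),
    Event(200, "behaviour", "network_send"),
    Event(201, "behaviour", "screen_capture"),
]


def _find(parent, x):
    """Union-find root lookup with path halving."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def group_processes(events):
    """Map each pid to the root of its communication group (union over 'link' events)."""
    parent = {}
    for e in events:
        parent.setdefault(e.pid, e.pid)
        if e.kind == "link":
            peer = int(e.value)
            parent.setdefault(peer, peer)
            parent[_find(parent, e.pid)] = _find(parent, peer)
    return {pid: _find(parent, pid) for pid in parent}


def roles_by_process(events):
    """Collect the remote-administration roles observed for each process."""
    roles = defaultdict(set)
    for e in events:
        if e.kind == "behaviour" and e.value in REMOTE_ADMIN_ROLES:
            roles[e.pid].add(e.value)
    return roles


def detect_single_process(events, min_roles=MIN_ROLES):
    """Conventional per-process heuristic: flag a pid only if it alone shows enough roles."""
    return {pid for pid, r in roles_by_process(events).items() if len(r) >= min_roles}


def detect_groups(events, authorized=frozenset(), min_roles=MIN_ROLES):
    """Group heuristic: pool roles over linked processes, skip user-authorized sessions.

    Returns a list of frozensets of pids, one per flagged group.
    """
    root_of = group_processes(events)
    roles = roles_by_process(events)
    members = defaultdict(set)
    group_roles = defaultdict(set)
    for pid, root in root_of.items():
        members[root].add(pid)
        group_roles[root] |= roles.get(pid, set())
    flagged = []
    for root, r in group_roles.items():
        if len(r) < min_roles:
            continue
        if members[root] & authorized:
            continue  # the user permitted this session: do not raise an alarm
        flagged.append(frozenset(members[root]))
    return flagged


if __name__ == "__main__":
    print("per-process:", detect_single_process(SAMPLE_EVENTS))
    print("grouped:", detect_groups(SAMPLE_EVENTS))
    print("grouped, 101 authorized:", detect_groups(SAMPLE_EVENTS, authorized=frozenset({101})))
```

The per-process check returns an empty set, the grouped check reports {101, 102, 103}, and the same group is silent once any of its members is in the authorized set. A real implementation would have to decide what counts as a link (pipes, sockets, shared files, parent-child relations) and how long to retain episodic observations; those choices are outside this illustration.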
The present invention solves the problem of protecting computers from unauthorized remote administration.